8 matches found
CVE-2025-64641 Mattermost Jira plugin crafted action leaks Jira issue details
Mattermost versions 11.1.x = 11.1.0, 11.0.x = 11.0.5, 10.12.x = 10.12.3, 10.11.x = 10.11.7 fail to verify that post actions invoking /share-issue-publicly were created by the Jira plugin which allowed a malicious Mattermost user to exfiltrate Jira tickets when victim users interacted with affecte...
WordPress Tickera plugin < 3.5.2.5 - Ticket leakage through IDOR vulnerability
Ticket leakage through IDOR vulnerability discovered by Martin Thirup Christensen in WordPress Plugin Tickera versions 3.5.2.5...
CVE-2023-7252
The Tickera WordPress plugin before 3.5.2.5 does not prevent users from leaking other users' tickets...
CVE-2023-7252
CVE-2023-7252 affects the Tickera WordPress Event Ticketing plugin (before 3.5.2.5). Multiple sources confirm an Insecure Direct Object Reference (IDOR) condition that permits leakage of other users’ tickets due to insufficient access controls. The issue is tracked in public CVE records with the ...
CVE-2023-7252 Tickera < 3.5.2.5 - Ticket leakage through IDOR
The Tickera WordPress plugin before 3.5.2.5 does not prevent users from leaking other users' tickets...
PT-2024-15252 · WordPress · Tickera
Name of the Vulnerable Software and Affected Versions: The Tickera WordPress plugin versions prior to 3.5.2.5 Description: The issue allows users to leak other users' tickets due to a lack of proper prevention mechanisms. Recommendations: For versions prior to 3.5.2.5, update to version 3.5.2.5 o...
Tickera < 3.5.2.5 - Ticket leakage through IDOR
Description The plugin does not prevent users from leaking other users' tickets. After a user has bought a ticket, an example of a ticket would look like https://www.website.com/?downloadticket=1&orderkey=1234567890&downloadticketnonce=ab903b7c71, but due to missing validation, the URL can be...
Tickera < 3.5.2.5 - Ticket leakage through IDOR
Description The plugin does not prevent users from leaking other users' tickets. PoC After a user has bought a ticket, an example of a ticket would look like https://www.website.com/?downloadticket=1key=1234567890ticketnonce=ab903b7c71, but due to missing validation, the URL can be shortened to...